Nectarnetics
2024-05-20 08:40:32
(3 months ago)
(Enumeration|Scan) from 45.13.191.8
URIs attempted: 2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Samples:
/.env.production
/_profiler/open
Web App Attack
Nectarnetics
2024-05-20 08:24:31
(3 months ago)
(Enumeration|Scan)
Source IP: 45.13.191.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Path: /.env.production
Web App Attack
MAGIC
2024-05-20 04:01:26
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
mawan
2024-05-20 00:24:24
(3 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
10dencehispahard SL
2024-05-17 03:00:09
(3 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
TPI-Abuse
2024-05-16 14:20:44
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 45.13.191.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 16 10:20:37.021879 2024] [security2:error] [pid 20093] [client 45.13.191.8:64235] [client 45.13.191.8] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.cryptoedge.net|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.cryptoedge.net"] [uri "/wallet.dat"] [unique_id "ZkYWNSw8eX_VLcGhHGiTnwAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-05-14 13:31:56
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 45.13.191.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 14 09:31:52.093640 2024] [security2:error] [pid 26631] [client 45.13.191.8:52359] [client 45.13.191.8] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "doubloonswap.com"] [uri "/backups/sftp-config.json"] [unique_id "ZkNnyDXaih6rnqix2w-HeAAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-05-08 03:11:46
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-04-08 21:46:03
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 45.13.191.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 08 17:45:55.664490 2024] [security2:error] [pid 2041] [client 45.13.191.8:42907] [client 45.13.191.8] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bitcoinsubscribers.com"] [uri "/restore/sftp-config.json"] [unique_id "ZhRlk-v9Gy7EonIDcHyJjgAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-03-28 17:50:18
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 45.13.191.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 28 13:50:12.414946 2024] [security2:error] [pid 828518] [client 45.13.191.8:14915] [client 45.13.191.8] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||usbea.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "usbea.com"] [uri "/back/mysql.sql"] [unique_id "ZgWt1P0whSrr7ukpOn2UXwAAABs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-03-21 19:26:26
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 45.13.191.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 21 15:26:20.306027 2024] [security2:error] [pid 1820] [client 45.13.191.8:41971] [client 45.13.191.8] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "towlesilvapsychotherapy.com"] [uri "/bak/.env"] [unique_id "ZfyJ3FwPgU-lbueDb4DpAgAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-03-18 15:20:09
(5 months ago)
Unauthorized connection attempt detected in the last 24 hours
Hacking
Anonymous
2024-03-15 15:00:07
(5 months ago)
Unauthorized connection attempt detected in the last 24 hours
Hacking
TPI-Abuse
2024-03-13 17:51:13
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 45.13.191.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 13 13:51:08.378661 2024] [security2:error] [pid 20820] [client 45.13.191.8:41943] [client 45.13.191.8] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.nationalenq.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nationalenq.com"] [uri "/restore/wallet.dat"] [unique_id "ZfHnjNqd0D9VzaxCQjeFjwAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-03-12 14:40:05
(6 months ago)
Unauthorized connection attempt detected in the last 24 hours
Hacking